Export limit exceeded: 29863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29863 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0249 | 1 Cisco | 1 Aironet Access Point Software | 2024-11-29 | 4.3 Medium |
| A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail. This vulnerability affects the following Cisco products: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Cisco Bug IDs: CSCvg02116. | ||||
| CVE-2023-25515 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming, Geforce and 7 more | 2024-11-29 | 7.8 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. | ||||
| CVE-2023-23570 | 1 Gallagher | 1 Command Centre | 2024-11-27 | 5.4 Medium |
| Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. | ||||
| CVE-2023-37300 | 1 Mediawiki | 1 Mediawiki | 2024-11-27 | 5.3 Medium |
| An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. | ||||
| CVE-2023-33570 | 1 Webkul | 1 Bagisto | 2024-11-27 | 8.8 High |
| Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI). | ||||
| CVE-2024-27310 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-27 | 5.3 Medium |
| Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input. | ||||
| CVE-2023-32612 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2024-11-27 | 7.2 High |
| Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege. | ||||
| CVE-2023-1695 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-27 | 7.5 High |
| Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-34761 | 1 7-eleven | 2 Hello Cup, Led Message Cup | 2024-11-27 | 6.5 Medium |
| An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter. | ||||
| CVE-2023-34834 | 1 Mcl-collection | 2 Mcl-net, Mcl-net Firmware | 2024-11-26 | 5.3 Medium |
| A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint. | ||||
| CVE-2023-29145 | 1 Malwarebytes | 2 Endpoint Detection And Response, Malwarebytes | 2024-11-26 | 7.8 High |
| The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger. | ||||
| CVE-2023-29147 | 1 Malwarebytes | 2 Endpoint Detection And Response, Malwarebytes | 2024-11-26 | 5.5 Medium |
| In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. | ||||
| CVE-2023-29241 | 1 Bosch | 1 Building Integration System | 2024-11-26 | 8.1 High |
| Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network | ||||
| CVE-2023-46387 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2024-11-26 | 7.5 High |
| LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. | ||||
| CVE-2023-40122 | 1 Google | 1 Android | 2024-11-26 | 5.3 Medium |
| In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2021-1224 | 2 Cisco, Snort | 43 1100-4p Integrated Services Router, 1100-8p Integrated Services Router, 1101-4p Integrated Services Router and 40 more | 2024-11-26 | 5.8 Medium |
| Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. | ||||
| CVE-2022-20744 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 6.5 Medium |
| A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization. | ||||
| CVE-2021-1223 | 2 Cisco, Snort | 19 1100-4p Integrated Services Router, 1100-8p Integrated Services Router, 1101-4p Integrated Services Router and 16 more | 2024-11-26 | 7.5 High |
| Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. | ||||
| CVE-2021-34754 | 1 Cisco | 2 Firepower Threat Defense, Secure Firewall Management Center | 2024-11-26 | 5.8 Medium |
| Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet. | ||||
| CVE-2024-20388 | 1 Cisco | 4 Firepower Management Center, Firepower Threat Defense, Firepower Threat Defense Software and 1 more | 2024-11-26 | 5.3 Medium |
| A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset. | ||||